﻿<%@ page language="java" import="java.util.*" pageEncoding="utf-8"%>
<%@ page language="java" import="java.sql.*" %>
<jsp:useBean id="connDbBean" scope="page" class="com.util.db"/>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>

    <title>My JSP 'adminyanzheng.jsp' starting page</title>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head>

<body>
<%

    String uid=request.getParameter("username");
    String pwd=request.getParameter("pwd");
    String cx=request.getParameter("cx");
    String pagerandom = request.getParameter("pagerandom")==null?"":request.getParameter("pagerandom");
    String random = (String)request.getSession().getAttribute("random");
    if(!pagerandom.equals(random))
    {
        out.print("<script>alert('验证码不正确!');window.history.go(-1);</script>");
        out.close();

    }
    String sql="";
    if(cx.equals("管理员")){sql="select * from allusers where username='"+uid+"' and pwd='"+pwd+"'";}
    if(cx.equals("用户")){sql="select * from yonghuxinxi where yonghuming='"+uid+"' and mima='"+pwd+"' and issh='是' ";}


//    connDbBean.nmm = "2005";

    ResultSet RS_result=null;
    try {
        RS_result = connDbBean.executeQuery(sql);
        if(!RS_result.next()) {
            out.print("<script>alert('你输入的用户不存在或密码错误,请重新登录!');window.history.go(-1);</script>");
        } else {
            session.setAttribute("username",uid);
            session.setAttribute("uid",RS_result.getString("id"));
            if(cx.equals("管理员")) {
                session.setAttribute("cx",RS_result.getString("cx"));
            }
            if(cx.equals("用户")) {
                session.setAttribute("zhaopian",RS_result.getString("touxiang"));
                session.setAttribute("cx",cx);
            } else {
                session.setAttribute("cx",cx);
            }
            response.sendRedirect("main.jsp");
        }
    } catch(Exception e) {
        e.printStackTrace();
        out.print("<script>alert('系统错误，请联系管理员!');window.history.go(-1);</script>");
    } finally {
        if(RS_result != null) {
            try { RS_result.close(); } catch(Exception e) { }
        }
    }

%>
</body>
</html>
